Framework Secure Software Controls

The framework consists of four phases: In the context phase, the software system is described along with its desired security properties and assumptions. This is the basis for the rest of the evaluation and will be part of the public audit report. The threats phase deals with identifying possible attacks against the software system and the associated mitigating measures against these threats. In the implementation phase, the code and configuration

Good Practices for Security of IoT

This ENISA study introduces good practices for IoT security, with a particular focus on software development guidelines for secure IoT products and services throughout their lifetime. Establishing secure development guidelines across the IoT ecosystem is a fundamental building block for IoT security. By providing good practices on how to secure the IoT software development process, this study tackles one aspect for achieving security by design, a key recommendation that was

DevOps (and Agile) in Control

The control framework presented in this study report is built upon the ever-increasing number of articles, (research) papers, books and best practice models about Agile and DevOps. The goal of this study report is to provide IT auditors, as well as other information security and risk professionals, with a basic introduction and a control framework to mitigate the key IT risks associated with Agile and DevOps principles.